summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-08-28 02:13:50 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:38:55 -0500
commit6f9ce7def71ac7156be1583a6a0d610414330c98 (patch)
tree3b7f181d0bf262dca9ba4a69a80063f48421f627
parent6ee700bd65ea12bf172fce42adf332f6e30ab626 (diff)
downloadsamba-6f9ce7def71ac7156be1583a6a0d610414330c98.tar.gz
samba-6f9ce7def71ac7156be1583a6a0d610414330c98.tar.bz2
samba-6f9ce7def71ac7156be1583a6a0d610414330c98.zip
r17864: Fix possible null deref if client doesn't give us
an answer record. Found by the Stanford checker. Jeremy. (This used to be commit 1ec77c50118de808f710b17f878b1e80d4e351d5)
-rw-r--r--source3/nmbd/nmbd_namequery.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/source3/nmbd/nmbd_namequery.c b/source3/nmbd/nmbd_namequery.c
index 1b07852f11..2c1cd13034 100644
--- a/source3/nmbd/nmbd_namequery.c
+++ b/source3/nmbd/nmbd_namequery.c
@@ -59,7 +59,15 @@ static void query_name_response( struct subnet_record *subrec,
rrec->repeat_count = 0;
/* How long we should wait for. */
- rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+ if (nmb->answers) {
+ rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+ } else {
+ /* No answer - this is probably a corrupt
+ packet.... */
+ DEBUG(0,("query_name_response: missing answer record in "
+ "NMB_WACK_OPCODE response.\n"));
+ rrec->repeat_time = p->timestamp + 10;
+ }
rrec->num_msgs--;
return;
} else if(nmb->header.rcode != 0) {